Fixes/changes:
- Code cleanup: Removed the majority of remaining telemetry code (including the data reporting back-end and health report) to prevent a few issues with partially removed code in earlier versions.
- Fixed a crash due to handling of bogus URIs passed to CSS style filters (e.g. whatsapp's web interface).
- Permitted spec-breaking syntax in Regex character classes, allowing ranges that would be permitted per the grammar rules in the spec but not necessarily following the syntax rules. This impacts a good number of (also higher profile) sites that use invalid ranges in regular expressions (e.g. Cisco's networking academy site, Yahoo Fantasy Football).
- Fixed a crash due to the newly introduced WASAPI handling of audio channel mapping that doesn't like actual surround hardware setups (e.g. playing a video with quadraphonic audio on a 4-speaker setup).
- Fixed an issue where site-specific dictionary selections would be written to content preferences without the user's action, potentially overwriting or clearing a previously-chosen dictionary.
- Added support for drag and drop of local files from sources which use text/uri-lists. (Some Linux flavors/file managers)
- Updated libnestegg to the most current version.
- Fixed an issue where setting the location to an empty string could cause a reload loop.
- Changed the jemalloc poison address to something that is not a NOP-slide. DiD
- Fixed a memory safety hazard in ConvertDialogOptions (CVE-2015-4521)
- Fixed a buffer overflow/crash hazard in the VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE (CVE-2015-7179)
- Fixed an overflow/crash hazard in the XULContentSinkImpl::AddText function (CVE-2015-7175)
- Fixed a stack buffer overread hazard in the ICC v4 profile parser (CVE-2015-4504)
- Fixed an HTMLVideoElement Use-After-Free Remote Code Execution 0-day vulnerability (ZDI-CAN-3176) (CVE-2015-4509)
- Fixed a potentially exploitable crash in nsXBLService::GetBinding
- Fixed a memory safety hazard in nsAttrAndChildArray::GrowBy (CVE-2015-7174)
- Fixed a memory safety hazard for callers of nsUnicodeToUTF8::GetMaxLength (CVE-2015-4522)
- Fixed a heap buffer overflow/crash hazard caused by invalid WebM headers (CVE-2015-4511)